GNOME Bugzilla – Bug 361891
Add "alternative port" and "local only" preferences to dialog ?
Last modified: 2009-11-10 07:03:43 UTC
We've added these preferences in bug #156242 and #333752: /desktop/gnome/remote_access/local_only If true, the server will only accept connections from localhost and network connections will be rejected. Set this option to true if you wish to exclusively use a tunneling mechanism to access the server, such as ssh. /desktop/gnome/remote_access/use_alternative_port If true, the server will listen another port, instead of default (5900). The port must be specified in 'alternative_port' key. /desktop/gnome/remote_access/alternative_port The port which the server will listen to if the 'use_alternative_port' key is set to true. Valid values are in the range from 5000 to 50000. First question is whether we should add these to the preferences dialog at all? If we do, perhaps add a new "Advanced" section: --- Advanced: [ ] Only allow other users from this computer to view or control your desktop [ ] Listen for connections on port: ________ --- Wording is more than a bit lame. Any ideas Calum?
I personally don't think I'd be too upset if these options didn't make it into the dialog :) Of the two, I think the "local users only" option sounds like a slightly more likely candidate for inclusion; one option might just be to replace: [x] Allow other users to control your desktop with something like: [x] Restrict to users on this computer only [x] Allow viewing users to control your desktop The port option is a bit trickier to work in nicely; it's a bit grotty to have either an "Advanced" disclosure triangle or a "Change Port.." button to access just one control. You could maybe just turn the "5900" part of the current hyperlink into a spin box: Users can view your desktop using this command: vncviewer ziggy.ireland:[5900 ]± but I'm not sure how obvious that would be to use, in practice...
D'oh, of course the latter idea is nonsense, because the hyperlink button is showing the display number, not the port. Another reason to leave it out of the prefs dialog for now I think :)
Sounds reasonable to me. Thanks
Reopening this one for more discussion. A lot of people ask me why are these features hidden.
I'm just a lowly user, but I'd like to throw my thoughts in here: Yeah, it be nice if Vino had these tucked away in the preferences screen, maybe have one of those arrow things beside the word "Advanced", which then expands to show the other two options when it's clicked. (For an example of what I'm talking about, see the "Keyboard" preferences dialog in Gnome. Look at the "Layout Options" tab...)
My USD $0.02: +1 for Calum Benson's first idea in Comment #1, except that the two new options should be reversed, like so: Just replace: [x] Allow other users to control your desktop with something like: [x] Allow viewing users to control your desktop [x] Restrict to users on this computer only
More small cents ! This type of discussion is coming back pretty often (I remember for instance Linus's metacity patches); that just prompted me about a possible general solution when things are not too clear: couldn't we include a "More advanced options" links, that would simply open gconf-editor (with the right conf subtree focused) ? I'm pretty sure gconf-editor is not going to scare admins or even moderately advanced users... The fact that each key is documented is also a great plus. Additionally, it can be hard to know where to look ("remote desktop" in menu -> "vino" -> "remote_access" in gconf); putting a link would help solve that problem too.
The label proposed for local_only makes no sense. There is no point in allowing local users to use this computer. In my opinion, if you want to expose it, the label should be something like: 'Require authentication to a local account before allowing connection' or 'Only allow connections secured by another protocol already' or something I don't really know how much the vnc protocol has evolved, but if there still is no security beyond a hashed password exchange, the default should be local connections only anyway, and this option may be superfluous. Are there any platforms left where it's hard to set up vnc over ssh (the client side, that is)?
About /desktop/gnome/remote_access/local_only = TRUE(In reply to comment #0) > We've added these preferences in bug #156242 and #333752: > > /desktop/gnome/remote_access/local_only > > If true, the server will only accept connections from > localhost and network connections will be rejected. Why rejected ? It should only listen on localhost. But instead, what about providing a option to configure on which interface to listen. Like : "Specifies the TCP/IP address(es) on which the server is to listen for connections from client. The value takes the form of a comma-separated list of host names and/or numeric IP addresses. The special entry * corresponds to all available IP interfaces."
I feel that both of these options should be exposed to the user. Text like 'Only allow local users to access the desktop' makes sense to me for the local_only option.
Perhaps a "Advanced access control settings" subdialog? ;-)
I fully believe that these options should be available in an "advanced" dialog, or it should at LEAST be documented in the help file for remote desktop. This whole minimal options idea is a bad one and needs to be curtailed, IMHO. Why are we against more choices?
A checkbox should be used only if the meanings of both the on and off states are obvious from the label. But that's probably not possible here. ("Restrict to users on this computer only" wouldn't explain *either* state. If someone is accessing your desktop, that person is a "user" who's "on this computer", so that's begging the question. And "on this computer only" seemingly prohibits people from using other computers at the same time!) In such situations, radio buttons are usually better: Allow access to your desktop for: (*) No-one ( ) Anyone who can log in to this computer ( ) Anyone People with access can: (*) View your desktop ( ) View and take control More extensive redesign available on request. ;-)
OK, let's give it a try. I've commited this UI change: http://www.bani.com.br/2007/11/10/changes-in-vino-gnome-vnc-server-for-222
I'm probably an oddball here, but I'm not sure I like the idea of gnome managing network services at all. I like vino ok, but think it should be managed like traditional services (start-stop scripts and a text-based configuration file). Regards, ..jim
I'm surprised this feature is not included (as it is in most other VNC variants), but I can see why one might hide it from the masses. Still, I think there should be more documentation online or somewhere saying how to use gconftool to change the port... I wasted 15 minutes trying to figure out something I can do easily with RealVNC...